Java Spring Security-为什么SecurityContextHolder.getContext().getAuthentication()返回AnonymousAuthenticationToken?
我将Spring安全性用于需要手动设置身份验证对象的特定用例。当用户注销时,我通过SecurityContextHolder.getContext().getAuthentication()检索身份验证对象,但它返回的是AnonymousAuthenticationToken,而不是预期的OAuth2AuthenticationJava Spring Security-为什么SecurityContextHolder.getContext().getAuthentication()返回AnonymousAuthenticationToken?,java,spring,spring-security,Java,Spring,Spring Security,我将Spring安全性用于需要手动设置身份验证对象的特定用例。当用户注销时,我通过SecurityContextHolder.getContext().getAuthentication()检索身份验证对象,但它返回的是AnonymousAuthenticationToken,而不是预期的OAuth2Authentication UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationTo
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user, password, authoritiesMapper.mapAuthorities(user.getAuthorities()))
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
token.setDetails(new WebAuthenticationDetails(attributes.getRequest()));
OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(new CustomOAuth2Request(ImmutableMap.of(PARAM_SCOPE, SCOPE_OPENID), clientId,
redirectUri, Sets.newHashSet(SCOPE_OPENID)), token);
SecurityContextHolder.getContext().setAuthentication(oAuth2Authentication);
HttpSession session = attributes.getRequest().getSession(true);
session.setAttribute(SPRING_SECURITY_CONTEXT, SecurityContextHolder.getContext());
在我的注销代码中:
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
为什么这不会返回我期望的身份验证?您如何得出结论,从getAuthentication方法调用中得到的是类型为AnonymousAuthenticationToken的身份验证?您是否尝试将其转换为OAuth2Authentication?当您这样做时,是否会出现错误?很高兴也能共享OAuth2Authentication代码。强制转换生成'java.lang.ClassCastException:org.springframework.security.authentication.AnonymousAuthenticationToken不能强制转换为org.springframework.security.oauth2.provider.OAuth2Authentication。是开箱即用的。你自己为什么还要胡闹?您在第一个代码段中所做的是Spring应该做的事情。另外,您尝试获取的注销代码是什么(如果是在注销之后,则没有
身份验证
,因为您已注销)。